Техническая информация
Вредоносные функции:
Загружает на исполнение код следующих детектируемых угроз:
- Android.DownLoader.589.origin
Осуществляет доступ к приватному интерфейсу телефонии (ITelephony).
Сетевая активность:
Подключается к:
- UDP(DNS) <Google DNS>
- TCP(HTTP/1.1) httpsdk####.b0.a####.com:80
- TCP(HTTP/1.1) 47.92.1####.96:80
- TCP(HTTP/1.1) 1####.76.224.67:80
- TCP(HTTP/1.1) cdn.img.h####.####.com:80
- TCP(HTTP/1.1) cdn.game####.org:80
- TCP(TLS/1.0) api.face####.com:443
- TCP(TLS/1.0) c####.superma####.top:443
- TCP(TLS/1.0) s.ix####.com:443
- TCP(TLS/1.0) sett####.crashly####.com:443
- TCP(TLS/1.0) st####.suiyue####.com.####.com:443
- TCP(TLS/1.0) httpsdk####.b0.a####.com:443
Запросы DNS:
- c####.superma####.top
- cdn.app.superma####.top
- cdn.app.xingh####.cn
- cdn.game####.org
- cdn.img.h####.top
- g####.face####.com
- s.ix####.com
- sett####.crashly####.com
- st####.suiyue####.com
Запросы HTTP GET:
- cdn.game####.org/strategy/base
- cdn.game####.org/strategy/dev_root
- cdn.game####.org/strategy/dev_root2
- cdn.game####.org/strategy/larger4.3
- cdn.game####.org/strategy/loss_4.3
- cdn.game####.org/strategy/sul18
- cdn.game####.org/strategy/symlink-adbd
- cdn.img.h####.####.com/upload/201711/30/img/20171130182651140.png
- cdn.img.h####.####.com/upload/201801/19/img/20180119171042148.png
- cdn.img.h####.####.com/upload/201801/23/img/20180123151919886.png
- httpsdk####.b0.a####.com/lupload/clo/he
Изменения в файловой системе:
Создает следующие файлы:
- <Package Folder>/app_125669be-4bfd-416f-9b2a-55eb702ee89b/1190b...028441
- <Package Folder>/app_125669be-4bfd-416f-9b2a-55eb702ee89b/85986...90.jar
- <Package Folder>/app_51ba3714-74fa-46e5-b37b-2af942d2f65a/Matrix
- <Package Folder>/app_51ba3714-74fa-46e5-b37b-2af942d2f65a/ddexe
- <Package Folder>/app_51ba3714-74fa-46e5-b37b-2af942d2f65a/debuggerd
- <Package Folder>/app_51ba3714-74fa-46e5-b37b-2af942d2f65a/fileWork
- <Package Folder>/app_51ba3714-74fa-46e5-b37b-2af942d2f65a/insta...ery.sh
- <Package Folder>/app_51ba3714-74fa-46e5-b37b-2af942d2f65a/pidof
- <Package Folder>/app_51ba3714-74fa-46e5-b37b-2af942d2f65a/su
- <Package Folder>/app_51ba3714-74fa-46e5-b37b-2af942d2f65a/supolicy
- <Package Folder>/app_51ba3714-74fa-46e5-b37b-2af942d2f65a/toolbox
- <Package Folder>/app_51ba3714-74fa-46e5-b37b-2af942d2f65a/wsroot.sh
- <Package Folder>/app_69294b60-9708-4455-aea1-3b4841db3c66/Matrix
- <Package Folder>/app_69294b60-9708-4455-aea1-3b4841db3c66/ddexe
- <Package Folder>/app_69294b60-9708-4455-aea1-3b4841db3c66/debuggerd
- <Package Folder>/app_69294b60-9708-4455-aea1-3b4841db3c66/fileWork
- <Package Folder>/app_69294b60-9708-4455-aea1-3b4841db3c66/insta...ery.sh
- <Package Folder>/app_69294b60-9708-4455-aea1-3b4841db3c66/pidof
- <Package Folder>/app_69294b60-9708-4455-aea1-3b4841db3c66/su
- <Package Folder>/app_69294b60-9708-4455-aea1-3b4841db3c66/supolicy
- <Package Folder>/app_69294b60-9708-4455-aea1-3b4841db3c66/toolbox
- <Package Folder>/app_69294b60-9708-4455-aea1-3b4841db3c66/wsroot.sh
- <Package Folder>/app_6bb6eaaf-c8c4-4fbc-9029-e11e3a372e44/Matrix
- <Package Folder>/app_6bb6eaaf-c8c4-4fbc-9029-e11e3a372e44/ddexe
- <Package Folder>/app_6bb6eaaf-c8c4-4fbc-9029-e11e3a372e44/debuggerd
- <Package Folder>/app_6bb6eaaf-c8c4-4fbc-9029-e11e3a372e44/fileWork
- <Package Folder>/app_6bb6eaaf-c8c4-4fbc-9029-e11e3a372e44/insta...ery.sh
- <Package Folder>/app_6bb6eaaf-c8c4-4fbc-9029-e11e3a372e44/pidof
- <Package Folder>/app_6bb6eaaf-c8c4-4fbc-9029-e11e3a372e44/su
- <Package Folder>/app_6bb6eaaf-c8c4-4fbc-9029-e11e3a372e44/supolicy
- <Package Folder>/app_6bb6eaaf-c8c4-4fbc-9029-e11e3a372e44/toolbox
- <Package Folder>/app_6bb6eaaf-c8c4-4fbc-9029-e11e3a372e44/wsroot.sh
- <Package Folder>/app_a74915c8-0e05-4ccf-8e54-2dd5309811e8/Matrix
- <Package Folder>/app_a74915c8-0e05-4ccf-8e54-2dd5309811e8/ddexe
- <Package Folder>/app_a74915c8-0e05-4ccf-8e54-2dd5309811e8/debuggerd
- <Package Folder>/app_a74915c8-0e05-4ccf-8e54-2dd5309811e8/device.db
- <Package Folder>/app_a74915c8-0e05-4ccf-8e54-2dd5309811e8/fileWork
- <Package Folder>/app_a74915c8-0e05-4ccf-8e54-2dd5309811e8/insta...ery.sh
- <Package Folder>/app_a74915c8-0e05-4ccf-8e54-2dd5309811e8/pidof
- <Package Folder>/app_a74915c8-0e05-4ccf-8e54-2dd5309811e8/root3
- <Package Folder>/app_a74915c8-0e05-4ccf-8e54-2dd5309811e8/su
- <Package Folder>/app_a74915c8-0e05-4ccf-8e54-2dd5309811e8/supolicy
- <Package Folder>/app_a74915c8-0e05-4ccf-8e54-2dd5309811e8/toolbox
- <Package Folder>/app_a74915c8-0e05-4ccf-8e54-2dd5309811e8/wsroot.sh
- <Package Folder>/app_d50b2ca5-813f-40e7-8a61-5f126d71d545/Matrix
- <Package Folder>/app_d50b2ca5-813f-40e7-8a61-5f126d71d545/ddexe
- <Package Folder>/app_d50b2ca5-813f-40e7-8a61-5f126d71d545/debuggerd
- <Package Folder>/app_d50b2ca5-813f-40e7-8a61-5f126d71d545/fileWork
- <Package Folder>/app_d50b2ca5-813f-40e7-8a61-5f126d71d545/insta...ery.sh
- <Package Folder>/app_d50b2ca5-813f-40e7-8a61-5f126d71d545/pidof
- <Package Folder>/app_d50b2ca5-813f-40e7-8a61-5f126d71d545/su
- <Package Folder>/app_d50b2ca5-813f-40e7-8a61-5f126d71d545/supolicy
- <Package Folder>/app_d50b2ca5-813f-40e7-8a61-5f126d71d545/toolbox
- <Package Folder>/app_d50b2ca5-813f-40e7-8a61-5f126d71d545/wsroot.sh
- <Package Folder>/app_de324c79-4cd5-458b-8cc5-857e9ee575d3/Matrix
- <Package Folder>/app_de324c79-4cd5-458b-8cc5-857e9ee575d3/ddexe
- <Package Folder>/app_de324c79-4cd5-458b-8cc5-857e9ee575d3/debuggerd
- <Package Folder>/app_de324c79-4cd5-458b-8cc5-857e9ee575d3/fileWork
- <Package Folder>/app_de324c79-4cd5-458b-8cc5-857e9ee575d3/insta...ery.sh
- <Package Folder>/app_de324c79-4cd5-458b-8cc5-857e9ee575d3/pidof
- <Package Folder>/app_de324c79-4cd5-458b-8cc5-857e9ee575d3/su
- <Package Folder>/app_de324c79-4cd5-458b-8cc5-857e9ee575d3/supolicy
- <Package Folder>/app_de324c79-4cd5-458b-8cc5-857e9ee575d3/toolbox
- <Package Folder>/app_de324c79-4cd5-458b-8cc5-857e9ee575d3/wsroot.sh
- <Package Folder>/app_subox/1740c449fc10be62df60ba0f18696c9f
- <Package Folder>/app_subox/32edd79a240b5f1e461d069caab1ec3e
- <Package Folder>/app_subox/8b6f263391259b7a8e5f58ee71852ca8
- <Package Folder>/app_subox/b0141e478b25af7c40a8cca8de6c4708
- <Package Folder>/app_subox/b18a021d11a3004d25017230b681476b
- <Package Folder>/app_subox/c61913b615fb6224701377a119081f36
- <Package Folder>/app_subox_download/0198895c-6243-4df8-8844-595f3065eb3e
- <Package Folder>/app_subox_download/2aab9117-66e3-4640-af61-8ff48a767e4a
- <Package Folder>/app_subox_download/2b63127d-c1c2-45d8-a19e-de635bda9314
- <Package Folder>/app_subox_download/639e68ea-d735-4d3a-8c9b-43f71e461ca5
- <Package Folder>/app_subox_download/64c85a71-c507-480a-8741-1834e439bdc3
- <Package Folder>/app_subox_download/a400c978-bdb7-4640-bf5f-ad7b32dc031e
- <Package Folder>/app_subox_download/ee6645f1-5115-4eb4-a2a0-d7126d74b1f3
- <Package Folder>/app_subox_download/ff81e5d4-0ccf-4489-8657-afe38f0b506b
- <Package Folder>/cache/####/-1733735469
- <Package Folder>/cache/####/-1762364620
- <Package Folder>/cache/####/-1952266214
- <Package Folder>/cache/####/-1980895365
- <Package Folder>/cache/####/-202817575
- <Package Folder>/cache/####/-231446726
- <Package Folder>/cache/####/-412673552
- <Package Folder>/cache/####/-441302703
- <Package Folder>/cache/####/-531692541
- <Package Folder>/cache/####/-560321692
- <Package Folder>/cache/####/-690412734
- <Package Folder>/cache/####/-719041885
- <Package Folder>/cache/####/-722691862
- <Package Folder>/cache/####/-751321013
- <Package Folder>/cache/####/-782625197
- <Package Folder>/cache/####/06b5dd0179291e55f7e76fc2a368d4ce8ad....0.tmp
- <Package Folder>/cache/####/1036011578
- <Package Folder>/cache/####/1064640729
- <Package Folder>/cache/####/2024239764
- <Package Folder>/cache/####/2029060c99800f41382b4421239e935a472....0.tmp
- <Package Folder>/cache/####/2052868915
- <Package Folder>/cache/####/2129330615
- <Package Folder>/cache/####/2936544df033593396681678adb6fbab240....0.tmp
- <Package Folder>/cache/####/483001043
- <Package Folder>/cache/####/511630194
- <Package Folder>/cache/####/6cf57ca8646383ee4dfb7e34e6a35b373d4....0.tmp
- <Package Folder>/cache/####/822196836
- <Package Folder>/cache/####/850825987
- <Package Folder>/cache/####/970596202
- <Package Folder>/cache/####/999225353
- <Package Folder>/cache/####/journal.tmp
- <Package Folder>/cache/V2.9.4.txt
- <Package Folder>/cache/ads-1702544704.jar
- <Package Folder>/databases/jafwqq_analytics_v4.db-journal
- <Package Folder>/databases/t_u.db-journal
- <Package Folder>/databases/webview.db-journal
- <Package Folder>/files/####/5A0D85150366-0001-0828-4C12F2818E6F...ce.cls
- <Package Folder>/files/####/5A0D85150366-0001-0828-4C12F2818E6F...s_temp
- <Package Folder>/files/####/5A0D851F005E-0001-0895-4C12F2818E6F...on.cls
- <Package Folder>/files/####/5A0D851F005E-0001-0895-4C12F2818E6F...s_temp
- <Package Folder>/files/####/com.crashlytics.settings.json
- <Package Folder>/files/####/initialization_marker
- <Package Folder>/files/####/sa_4fde255c-1968-4d8e-8804-2bb6ac3f...47.tap
- <Package Folder>/files/####/session_analytics.tap
- <Package Folder>/files/####/session_analytics.tap (deleted)
- <Package Folder>/files/####/session_analytics.tap.tmp
- <Package Folder>/files/SUBOXLOG_
- <Package Folder>/files/gaClientId
- <Package Folder>/files/tz.jar
- <Package Folder>/files/xw.jar
- <Package Folder>/shared_prefs/FBAdPrefs.xml
- <Package Folder>/shared_prefs/Global.xml
- <Package Folder>/shared_prefs/SDKIDFA.xml
- <Package Folder>/shared_prefs/SevenMins-TTS.xml
- <Package Folder>/shared_prefs/TwitterAdvertisingInfoPreferences.xml
- <Package Folder>/shared_prefs/com.crashlytics.prefs.xml
- <Package Folder>/shared_prefs/com.crashlytics.sdk.android;answe...gs.xml
- <Package Folder>/shared_prefs/com.facebook.ads.FEATURE_CONFIG.xml
- <Package Folder>/shared_prefs/com.jafwqq.android.gms.analytics.prefs.xml
- <Package Folder>/shared_prefs/count.xml
- <Package Folder>/shared_prefs/instaget.xml
- <Package Folder>/shared_prefs/io.fabric.sdk.android;fabric;io.f...ng.xml
- <Package Folder>/shared_prefs/kr.xml
- <Package Folder>/shared_prefs/thirtyDayFit.xml
- <Package Folder>/shared_prefs/vbz.xml
- <SD-Card>/Android/####/50b89f7d88265
- <SD-Card>/Android/####/908beb7c3fcf2977df6007625ba3abd9.apk
- <SD-Card>/Android/####/b.tmp
- <SD-Card>/Android/####/b08ffbe76bc53
- <SD-Card>/Android/####/dae69bc6773f2
- <SD-Card>/InstaGet/####/crash.log
- <SD-Card>/ThirtyDayFitTTS/####/1.stts
- <SD-Card>/ThirtyDayFitTTS/####/11.stts
- <SD-Card>/ThirtyDayFitTTS/####/12.stts
- <SD-Card>/ThirtyDayFitTTS/####/13.stts
- <SD-Card>/ThirtyDayFitTTS/####/14.stts
- <SD-Card>/ThirtyDayFitTTS/####/15.stts
- <SD-Card>/ThirtyDayFitTTS/####/150.stts
- <SD-Card>/ThirtyDayFitTTS/####/155.stts
- <SD-Card>/ThirtyDayFitTTS/####/16.stts
- <SD-Card>/ThirtyDayFitTTS/####/160.stts
- <SD-Card>/ThirtyDayFitTTS/####/165.stts
- <SD-Card>/ThirtyDayFitTTS/####/17.stts
- <SD-Card>/ThirtyDayFitTTS/####/170.stts
- <SD-Card>/ThirtyDayFitTTS/####/18.stts
- <SD-Card>/ThirtyDayFitTTS/####/19.stts
- <SD-Card>/ThirtyDayFitTTS/####/2.stts
- <SD-Card>/ThirtyDayFitTTS/####/200.stts
- <SD-Card>/ThirtyDayFitTTS/####/21.stts
- <SD-Card>/ThirtyDayFitTTS/####/22.stts
- <SD-Card>/ThirtyDayFitTTS/####/23.stts
- <SD-Card>/ThirtyDayFitTTS/####/24.stts
- <SD-Card>/ThirtyDayFitTTS/####/25.stts
- <SD-Card>/ThirtyDayFitTTS/####/26.stts
- <SD-Card>/ThirtyDayFitTTS/####/27.stts
- <SD-Card>/ThirtyDayFitTTS/####/275.stts
- <SD-Card>/ThirtyDayFitTTS/####/28.stts
- <SD-Card>/ThirtyDayFitTTS/####/29.stts
- <SD-Card>/ThirtyDayFitTTS/####/3.stts
- <SD-Card>/ThirtyDayFitTTS/####/30.stts
- <SD-Card>/ThirtyDayFitTTS/####/31.stts
- <SD-Card>/ThirtyDayFitTTS/####/32.stts
- <SD-Card>/ThirtyDayFitTTS/####/33.stts
- <SD-Card>/ThirtyDayFitTTS/####/34.stts
- <SD-Card>/ThirtyDayFitTTS/####/35.stts
- <SD-Card>/ThirtyDayFitTTS/####/36.stts
- <SD-Card>/ThirtyDayFitTTS/####/38.stts
- <SD-Card>/ThirtyDayFitTTS/####/4.stts
- <SD-Card>/ThirtyDayFitTTS/####/40.stts
- <SD-Card>/ThirtyDayFitTTS/####/42.stts
- <SD-Card>/ThirtyDayFitTTS/####/5.stts
- <SD-Card>/ThirtyDayFitTTS/####/6.stts
- <SD-Card>/ThirtyDayFitTTS/####/7.stts
- <SD-Card>/ThirtyDayFitTTS/####/8.stts
- <SD-Card>/ThirtyDayFitTTS/####/9.stts
- <SD-Card>/ThirtyDayFitTTS/####/Bird Dog.stts
- <SD-Card>/ThirtyDayFitTTS/####/Burpee.stts
- <SD-Card>/ThirtyDayFitTTS/####/Chest Press Pulse.stts
- <SD-Card>/ThirtyDayFitTTS/####/Congratulations.stts
- <SD-Card>/ThirtyDayFitTTS/####/Donkey Kick Left.stts
- <SD-Card>/ThirtyDayFitTTS/####/Fire Hydrant Left.stts
- <SD-Card>/ThirtyDayFitTTS/####/Floor Triceps Dips.stts
- <SD-Card>/ThirtyDayFitTTS/####/Froggy Glute Lifts.stts
- <SD-Card>/ThirtyDayFitTTS/####/Hip Bridge & Leg Lift.stts
- <SD-Card>/ThirtyDayFitTTS/####/Leg Raise.stts
- <SD-Card>/ThirtyDayFitTTS/####/Long Arm Crunch.stts
- <SD-Card>/ThirtyDayFitTTS/####/Lunge Knee Hops Left.stts
- <SD-Card>/ThirtyDayFitTTS/####/Lunge Knee Hops Right.stts
- <SD-Card>/ThirtyDayFitTTS/####/Mountain Climber.stts
- <SD-Card>/ThirtyDayFitTTS/####/One Leg Push Up.stts
- <SD-Card>/ThirtyDayFitTTS/####/Plank Taps.stts
- <SD-Card>/ThirtyDayFitTTS/####/Push Up.stts
- <SD-Card>/ThirtyDayFitTTS/####/Ready to go.stts
- <SD-Card>/ThirtyDayFitTTS/####/Right Side Plank.stts
- <SD-Card>/ThirtyDayFitTTS/####/Side Lunge.stts
- <SD-Card>/ThirtyDayFitTTS/####/Sumo Squat & Leg Raise.stts
- <SD-Card>/ThirtyDayFitTTS/####/Wall Sit.stts
Другие:
Запускает следующие shell-скрипты:
- chmod 777 /storage/emulated/0/Android/data/<Package>/files/Download/Android/azb/908beb7c3fcf2977df6007625ba3abd9.apk
- chmod 777 Matrix ddexe debuggerd device.db fileWork install-recovery.sh pidof root3 su supolicy toolbox wsroot.sh
- chmod 777 Matrix ddexe debuggerd fileWork install-recovery.sh pidof su supolicy toolbox wsroot.sh
- sh
Осуществляет доступ к информации о сети.
Осуществляет доступ к информации о телефоне (номер, imei и тд.).
Осуществляет доступ к информации об установленных приложениях.
Осуществляет доступ к информации о запущенных приложениях.
Добавляет задания в системный планировщик.
Отрисовывает собственные окна поверх других приложений.
